Den 29.07.2014 16:14, skrev Viktor Dukhovni: > On Tue, Jul 29, 2014 at 03:57:24PM +0200, Per Thorsheim wrote: > >> I don't know if this list is aware of this project? >> >> https://github.com/EFForg/starttls-everywhere > > The EFF folks behind this effort have reached out to me and we've > discussed some of the issues. I am somewhat ambivalent about this, > as it introduces a non-scalable registry that does fully address > the problem, and perhaps reduces incentives to do it right and > deploy DANE. On the other hand, DNSSEC adoption by large providers > is a non-trivial effort, and they cannot yet deploy DANE as quickly > as they may be able to sign up for the EFF registry. So I am not > sure whether this is a step forward or sideways.
Hm. Yeah, I get your point, and I agree with you. I look forward to talk to them directly, and will ask them more about the reasoning behind the project, and how they intend to proceed having it deployed. >> An intermediate effort before DNSSEC and DANE (hopefully) gets seriously >> deployed around the world and various TLDs. EFF will talk about this at >> PasswordsCon next week in Las Vegas, and I'll make references to this >> and DANE TLS in my talk at the DEFCON Crypto & Privacy Village. I'm very >> happy to see that these issues are gaining a lot of attention these days. >> >> Viktor: Is the IEEE meeting done yet? Any status update for DANE TLS? > > I think you mean IETF (not IEEE). Yes IETF Toronto is done, and > the SMTP draft is basically ready and has not been changed in many > weeks. The main hold-up is that the WG chairs wanted to publish > the SMTP and SRV drafts together, but the latter is substantially > less ready. Perhaps I should ask the chairs to decouple these. > > The Toronto meeting was looking at the OPS draft which updates DANE > TLSA in general (not SMTP specific). > > The only issue in the SMTP draft that may require final review by > the DANE WG is digest agility, I'll post a message to the list > this week, now that everyone is back from Toronto, and try to > wrap it up. Excellent, thx! I'll make sure to include it in my reference list for my talks. Look forward to see it finalized. > In the mean-time Patrick Koetter et. al. are doing great work in > Germany getting more organizations to deploy DANE. So far: > > posteo.de (email provider) > mailbox.org (email provider) > bund.de (German Parliament) This is very good, and can without doubt be communicated to the ACLU and EFF as well as others, to further improve deployment rates. I'll mention these as well, and make sure it reaches ACLU & EFF. I'm also working towards Norwegian government who is evaluating if they should recommend all parts of Norwegian government to implement STARTTLS support, as step 1 towards something much better. Thx Viktor! BR, Per
